<?php
namespace App\Library\wxOpen;

use App\Models\Saas\Setting;

/**
 * 微信的消息加解密示例代码.
 *
 * @copyright Copyright (c) 1998-2014 Tencent Inc.
 */

/**
 * 1.第三方回复加密消息给公众平台；
 * 2.第三方收到公众平台发送的消息，验证消息的安全性，并对消息进行解密。
 */
class WxBizMsgCrypt
{
	private $token;
	private $encodingAesKey;
	private $appId;
    private $key;

    /**
     * error code 说明.
     * <ul>
     *    <li>-40001: 签名验证错误</li>
     *    <li>-40002: xml解析失败</li>
     *    <li>-40003: sha加密生成签名失败</li>
     *    <li>-40004: encodingAesKey 非法</li>
     *    <li>-40005: appid 校验错误</li>
     *    <li>-40006: aes 加密失败</li>
     *    <li>-40007: aes 解密失败</li>
     *    <li>-40008: 解密后得到的buffer非法</li>
     *    <li>-40009: base64加密失败</li>
     *    <li>-40010: base64解密失败</li>
     *    <li>-40011: 生成xml失败</li>
     * </ul>
     */
    private static $OK = 0;
    private static $ValidateSignatureError = -40001;
    private static $ParseXmlError = -40002;
    private static $ComputeSignatureError = -40003;
    private static $IllegalAesKey = -40004;
    private static $ValidateAppidError = -40005;
    private static $EncryptAESError = -40006;
    private static $DecryptAESError = -40007;
    private static $IllegalBuffer = -40008;
    private static $EncodeBase64Error = -40009;
    private static $DecodeBase64Error = -40010;
    private static $GenReturnXmlError = -40011;

    static $msg = [
        "0" => "成功", "-40001" => "签名验证错误", "-40002" => "xml解析失败", "-40003" => "sha加密生成签名失败", "-40004" => "encodingAesKey 非法", "-40005" => "appid 校验错误",
        "-40006" => "aes 加密失败", "-40007" => "aes 解密失败", "-40008" => "解密后得到的buffer非法",
    ];

    /**
     * WxBizMsgCrypt constructor
     * @throws \Exception
     */
	public function __construct()
	{
	    $wxaOpenConf = Setting::getFields("open_app_id,msg_verify_token,encoding_key");
	    if(empty($wxaOpenConf['openAppId']) || empty($wxaOpenConf["encodingKey"]) || empty($wxaOpenConf["msgVerifyToken"])){
            throw new \Exception("微信第三方平台未配置");
        }
        $this->token = $wxaOpenConf["msgVerifyToken"]; // 微信第三方平台，开发者设置的token
        $this->encodingAesKey = $wxaOpenConf['encodingKey']; // 开发者设置的EncodingAESKey
        $this->appId = $wxaOpenConf['openAppId']; // 微信第三方平台的appId
        $this->key = base64_decode($this->encodingAesKey . "=");
	}

	/**
	 * 将公众平台回复用户的消息加密打包.
	 * <ol>
	 *    <li>对要发送的消息进行AES-CBC加密</li>
	 *    <li>生成安全签名</li>
	 *    <li>将消息密文和安全签名打包成xml格式</li>
	 * </ol>
	 *
	 * @param $replyMsg string 公众平台待回复用户的消息，xml格式的字符串
	 * @param $timeStamp string 时间戳，可以自己生成，也可以用URL参数的timestamp
	 * @param $nonce string 随机串，可以自己生成，也可以用URL参数的nonce
	 * @param &$encryptMsg string 加密后的可以直接回复用户的密文，包括msg_signature, timestamp, nonce, encrypt的xml格式的字符串,
	 *                      当return返回0时有效
	 *
	 * @return int 成功0，失败返回对应的错误码
	 */
	public function encryptMsg($replyMsg, $timeStamp, $nonce, &$encryptMsg)
	{
		//加密
		$array = $this->encrypt($replyMsg, $this->appId);
		$ret = $array[0];
		if ($ret != 0) {
			return $ret;
		}

		if ($timeStamp == null) {
			$timeStamp = time();
		}
		$encrypt = $array[1];

		//生成安全签名
		$array = $this->getSHA1($this->token, $timeStamp, $nonce, $encrypt);
		$ret = $array[0];
		if ($ret != 0) {
			return $ret;
		}
		$signature = $array[1];

		//生成发送的xml
		$encryptMsg = $this->generate($encrypt, $signature, $timeStamp, $nonce);
		return self::$OK;
	}

	/**
	 * 检验消息的真实性，并且获取解密后的明文.
	 * <ol>
	 *    <li>利用收到的密文生成安全签名，进行签名验证</li>
	 *    <li>若验证通过，则提取xml中的加密消息</li>
	 *    <li>对消息进行解密</li>
	 * </ol>
	 *
	 * @param $msgSignature string 签名串，对应URL参数的msg_signature
     * @param $timestamp string 时间戳 对应URL参数的timestamp
	 * @param $nonce string 随机串，对应URL参数的nonce
	 * @param $postData string 密文，对应POST请求的数据
	 * @param &$msg string 解密后的原文，当return返回0时有效
	 *
	 * @return int 成功0，失败返回对应的错误码
	 */
	public function decryptMsg($msgSignature, $timestamp, $nonce, $postData, &$msg)
	{
		if (strlen($this->encodingAesKey) != 43) {
			return self::$IllegalAesKey;
		}

		//提取密文
		$array = $this->extract($postData);
		$ret = $array[0];

		if ($ret != 0) {
			return $ret;
		}

		$encrypt = $array[1];

		//验证安全签名
		$array = $this->getSHA1($this->token, $timestamp, $nonce, $encrypt);
		$ret = $array[0];

		if ($ret != 0) {
			return $ret;
		}

		$signature = $array[1];
		if ($signature != $msgSignature) {
			return self::$ValidateSignatureError;
		}

		$result = $this->decrypt($encrypt, $this->appId);
		if ($result[0] != 0) {
			return $result[0];
		}
		$msg = $result[1];

		return self::$OK;
	}

    /**
     * 对明文进行加密
     * @param string $text 需要加密的明文
     * @param string $appId appID
     * @return array 加密后的密文
     */
    public function encrypt($text, $appId)
    {
        try {
            //拼接
            $text = $this->getRandomStr() . pack('N', strlen($text)) . $text . $appId;
            $text = $this->encode($text);
            $iv = substr($this->key, 0, 16);
            //加密
            if (function_exists('openssl_encrypt')) {
                $encrypted = openssl_encrypt($text, 'AES-256-CBC', $this->key, OPENSSL_ZERO_PADDING, $iv);
            } else {
                $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->key, base64_decode($text), MCRYPT_MODE_CBC, $iv);
            }
            return array(self::$OK, $encrypted);
        } catch (\Exception $e) {
            print $e;
            return array(self::$EncryptAESError, null);
        }
    }

    /**
     * 对密文进行解密
     * @param string $encrypted 需要解密的密文
     * @param string $appId
     * @return array 解密得到的明文
     */
    public function decrypt($encrypted, $appId)
    {
        try {
            $iv = substr($this->key, 0, 16);
            //解密
            if (function_exists('openssl_decrypt')) {
                $decrypted = openssl_decrypt($encrypted, 'AES-256-CBC', $this->key, OPENSSL_ZERO_PADDING, $iv);
            } else {
                $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, base64_decode($encrypted), MCRYPT_MODE_CBC, $iv);
            }
        } catch (\Exception $e) {
            return array(self::$DecryptAESError, null);
        }

        try {
            //去除补位字符
            $result = $this->decode($decrypted);
            //去除16位随机字符串,网络字节序和AppId
            if (strlen($result) < 16)
                return array();
            $content = substr($result, 16, strlen($result));
            $len_list = unpack("N", substr($content, 0, 4));
            $xml_len = $len_list[1];
            $xml_content = substr($content, 4, $xml_len);
            $from_appid = substr($content, $xml_len + 4);
        } catch (\Exception $e) {
            //print $e;
            return array(self::$IllegalBuffer, null);
        }
        if ($from_appid != $appId)
            return array(self::$ValidateAppidError, null);
        return array(0, $xml_content);
    }

    /**
     * 随机生成16位字符串
     * @return string 生成的字符串
     */
    function getRandomStr()
    {
        $str = "";
        $str_pol = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz";
        $max = strlen($str_pol) - 1;
        for ($i = 0; $i < 16; $i++) {
            $str .= $str_pol[mt_rand(0, $max)];
        }
        return $str;
    }

    public function getSHA1($token, $timestamp, $nonce, $encrypt_msg)
    {
        //排序
        try {
            $array = array($encrypt_msg, $token, $timestamp, $nonce);
            sort($array, SORT_STRING);
            $str = implode($array);
            return array(self::$OK, sha1($str));
        } catch (\Exception $e) {
            return array(self::$ComputeSignatureError, null);
        }
    }

    public function extract($xmltext)
    {
        libxml_disable_entity_loader(true);
        try {
            $xml = new \DOMDocument();
            $xml->loadXML($xmltext);
            $array_e = $xml->getElementsByTagName('Encrypt');
            $encrypt = $array_e->item(0)->nodeValue;
            return array(0, $encrypt);
        } catch (\Exception $e) {
            return array(self::$ParseXmlError, null, null);
        }
    }

    public function generate($encrypt, $signature, $timestamp, $nonce)
    {
        $format = "<xml>
<Encrypt><![CDATA[%s]]></Encrypt>
<MsgSignature><![CDATA[%s]]></MsgSignature>
<TimeStamp>%s</TimeStamp>
<Nonce><![CDATA[%s]]></Nonce>
</xml>";
        return sprintf($format, $encrypt, $signature, $timestamp, $nonce);
    }

    function encode($text)
    {
        $text_length = strlen($text);
        //计算需要填充的位数
        $amount_to_pad = 32 - ($text_length % 32);
        if ($amount_to_pad == 0) {
            $amount_to_pad = 32;
        }
        //获得补位所用的字符
        $pad_chr = chr($amount_to_pad);
        $tmp = "";
        for ($index = 0; $index < $amount_to_pad; $index++) {
            $tmp .= $pad_chr;
        }
        return $text . $tmp;
    }

    function decode($text)
    {
        $pad = ord(substr($text, -1));
        if ($pad < 1 || $pad > 32) {
            $pad = 0;
        }
        return substr($text, 0, (strlen($text) - $pad));
    }
}

